alt Hacker NewsIf you're just doing hub-and-spoke anyway, yeah, you can do it yourself. I did for years. But holy smokes, is it a PITA to manually copy keys around to devices; especially when they might not even be yours. I have my Tailscale account hooked up to my self-hosted identity server and now it's just a matter of logging in on whatever device I want to be on the network.
Plus, I have the option of spinning up a random EC2 box whenever I want and instantly joining it to the network with basically no fuss.
Replies
I have a phone and laptop; those are my only two "mobile" devices that I might ever use to access my home network remotely. I set them up once, it took a few minutes, and I won't have to do it again unless I replace one of them.
I can completely understand using Tailscale for enterprise networks, but it seems very overengineered for my personal VPN needs.
I feel like articles like this do Tailscale a disservice to a certain degree. Most people know Tailscale helps with managing the mesh of connected devices. And as many people have said here you can do this manually with Wireguard, Netbird, Nebula, ZeroTier and many others. Why Tailscale is so helpful is the ACL system. I have about 40 devices connected to my Tailnet and depending on tags devices can or can't access direct communication and also certain exit node networks. Traditional VPNs generally suck because you dump out of a host and have flat access to everything. Tailscale allows you to segment access without disrupting general Internet access with minimal friction and ACLs allow segmentation to happen at the user / device level. Most people aren't using Tailscale ACLs, in fact I rarely hear it discussed. Also the article fails to mention Tailscale Peer Relays [0] which decreases the dependency on DERP relays significantly and are controlled by, you guessed it, ACLs.
[0] https://tailscale.com/blog/peer-relays-beta